Cloud Platform Release Announcements for September 26, 2016

This is a blog post of a new ongoing series of consolidated updates from the Cloud Platform team.

In today’s mobile first, cloud first world, Microsoft provides the technologies and tools to enable enterprises to embrace a cloud culture. Our differentiated innovations, comprehensive mobile solutions and developer tools help all of our customers realize the true potential of the cloud first era.

You expect cloud-speed innovation from us, and we’re delivering across the breadth of our Cloud Platform product portfolio. Below is a consolidated list of our latest releases to help you stay current, with links to additional details if you’d like more information. In this update:

Enterprise Mobility + Security E5 | GA

Securing productivity, collaboration and enterprise data is critically important as organizations digitally transform. Microsoft is committed to delivering a new approach to secure this transition as evidenced last year, again at RSA 2016, and now today with the announcement today of our new Secure Productive Enterprise offering.

As part of this broader investment the Microsoft Enterprise Mobility Suite (EMS) has been out in front in driving innovative solutions to help secure your users, devices, apps, and data. In just two years, EMS has grown to lead the market with over 33,000 enterprise customers and more than one-third of the Fortune 500 now onboard.

As the customer reception has grown, so has our offering, in just the past year we have launched several new products and capabilities aimed at securing users, devices, apps, and data including:

With this innovative and holistic security approach in mind we are renaming the Enterprise Mobility Suite (EMS) to Microsoft Enterprise Mobility + Security (EMS) to more accurately communicate its value. We are also announcing several updates to the purchasing offers for EMS, including a new expanded EMS E5 plan. They are available on October 1, 2016.

Microsoft Azure Information Protection | GA pre-announcement

Microsoft Azure Information Protection, a comprehensive solution for information protection will be generally available starting October 1, 2016. Azure Information Protection helps you classify, label and protect data. Classification labels and protection travel with the data so that it’s protected at all times, regardless of where its stored or with whom its shared, internal or external colleagues. The controls are simple and intuitive and do not interrupt your normal course of work. You also have deep visibility and control over shared data. To learn more:

Windows Server 2016 | Launch announcement

Windows Server 2016 launch and general availability.

We recently announced the launch of Windows Server 2016 at Ignite, our premiere event for IT professionals. Windows Server 2016 is available for evaluation beginning September 26, 2016 and will be on the October 2016 price list. Volume licensing customers will be able to download fully licensed software at General Availability in mid-October.

Windows Server 2016 is the cloud-ready operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure that power your business.

Built-in security: Windows Server 2016 gives you the power to prevent attacks and detect suspicious activity with new features to control privileged access, protect virtual machines and harden the platform against emerging threats.

Software-defined infrastructure: Windows Server 2016 delivers a more flexible and cost-efficient operating system for your datacenter, using software-defined compute, storage and network virtualization features inspired by Azure.

Cloud-ready application platform: Windows Server 2016 delivers new ways to deploy and run both existing and cloud-native applications, whether on-premises or in Microsoft Azure, using new capabilities such as Windows containers and the lightweight Nano Server deployment option.

System Center 2016 | LTSB

System Center 2016 launch

At Microsoft Ignite we announced the release of System Center 2016, the enterprise-class datacenter management solution for hybrid cloud environments and first choice for Windows Server management.

Windows Server 2016 management: Streamline monitoring, provisioning, and automation for new innovations in Windows Server 2016, and realize the value of the software-defined data center, from network management to Nano servers.

Enhanced performance and usability: Expand the surface area of monitoring and reduce friction for IT Operations with enhanced performance and usability in this version. Advances include data-driven alert management that reduces noise and enables faster troubleshooting, scheduling of maintenance windows, simplified workflows, and increased scale in monitoring of UNIX and Linux servers.

Extend to the cloud: System Center 2016 can also extend capabilities with Microsoft Operations Management Suite to give you visibility and control of data and applications that live across multiple systems, from a single solution. So you can stay in control of your IT and reduce the growing complexity in your environment.

Four new services for Operations Management Suite

Operations Management Suite is now offering four unique integrated services, available for purchase separately or as part of a suite. Each integrated service addresses specific management needs for customers:

Insight and analytics: Gain visibility across your workloads, giving you all the information needed on what’s happening in your environment. Insight and Analytics includes log collection and search, application and server dependency mapping, as well as network health monitoring. Releases this week include new application and service monitoring capabilities for Azure SQL, MySQL, and VMware hosts, a new Azure activity log search, and new ingestion API’s.

Automation and control: Enable consistent control and compliance across your environment for both Azure, 3rd-party clouds and on-premises datacenters. Automation and Control includes services to assist with process automation, desired state configuration, change tracking and new update management capabilities. This week we are also announcing enhanced Update Management features including insights into time estimates as well as sequencing of updates needed to keep Windows Server and Linux systems up-to date. Finally, change tracking has been enhanced with granular file-based tracking to support Windows Server and Linux environments.

Security and compliance: Drive security across every area of the organization, delivering sophisticated threat intelligence capabilities, malware detection, and information on how systems may have been compromised. Security and Compliance provides advanced security and audit functionality, malware threat analysis, and now, integration with Azure Security Center for deep security management of Azure services.

Protection and recovery: Ensure availability of important applications and data. Protection and Recovery helps you keep critical data protected through integrated cloud backup, and applications available, while minimizing the impact of disruptions to the business. Including both Backup and Site Recovery, the service provides an integrated experience for customers with new investments including greater Linux and VMware support, monitoring with Log Analytics and Site Recovery capacity planning.

Azure Stack | TP2

On Monday, September 26, 2016, we announced the availability of the second technical preview of Microsoft Azure Stack (TP2). The preview will enable you to evaluate new and innovative Azure-consistent scenarios, such as enhanced protection of your cloud applications with Azure Key Vault, asynchronous messaging for applications with Queue Storage, and cross-site connectivity between different components of an application with VPN Gateway.

The preview will also deliver the beginnings of underlying cloud infrastructure management capabilities that will ultimately help cloud operators operationalize Azure Stack in their datacenter. Along with the TP2, for the first time, we will showcase Azure Stack integrated systems from Dell, HPE, and Lenovo at the Microsoft Ignite conference and share additional technical information about Azure Stack architecture.

Install the newly available Technical Preview 2 (TP2) on a single server to explore and learn about what can be done with the power of Azure services in your datacenter.

Follow Microsoft Ignite, watch Azure Stack sessions, and see it live in action.

Azure App Gateway WAF (Web Application Firewall) | Public Preview

Web Application Firewall capability protects web applications from common web based attacks like SQL Injection, cross site scripting attacks or session hijacks. Application Gateway is offering a public preview of WAF capability as part of its new WAF SKU. Application Gateway WAF comes preconfigured with Core Rule Set to provide protection from threats as identified by Open Web Application Security Project (OWASP) top ten common web vulnerabilities. Application Gateway WAF can be simply configured and provides continuous monitoring and logging for web applications against exploits. Customers can run Application Gateway WAF in both protection and detection only mode.

Azure Disk Encryption | Disk Encryption for Linux VMs GA

Azure disk encryption for Linux IaaS VMs and support for VMs with Premium storage is generally available effective today in all Azure public regions. With this announcement, Azure disk encryption for Windows and Linux Standard IaaS VMs is now generally available to enable customers to protect and safeguard the OS disk and Data disks at rest using industry standard encryption technology.

Azure DNS | GA

Azure DNS lets you host your Domain Name System (DNS) domain in Azure so you can manage your DNS records using the same credentials, billing, and support contract as your other Azure services. Our global network of name servers uses Anycast routing to provide outstanding performance and availability. Azure DNS will be covered by the Azure service level agreement (SLA), which means that we guarantee that DNS queries will receive a valid response from at least one of our Azure DNS name server clusters at least 99.99 percent of the time.

Availability is calculated over a monthly billing cycle.

At general availability, Azure DNS will initially remain at fifty percent public preview billing. The associated meters will be switched to full-on general availability (100 percent) by July 2016.

Azure Key Vault | Key Vault Certificates GA

Key Vault Certificates, a new functionality with the Microsoft Azure Key Vault service that helps simplify tasks associated with SSL/TLS certificates will be generally available from today. This enhancement will help you enroll for certificates, automatically renew certificates from supported third party Certificate Authorities while providing auditing trails within the same Key Vault environment. Please visit Azure Key Vault for more information.

H Series | GA

New Azure H-series VM are now available.

Azure H-series VMs are now available in South Central US region. The launch of the H-series VMs in Azure represents yet another milestone in our quest to bring the fastest technology to market. The H-series will at time of launch be among the fastest VM’s in public cloud. Depending on application and scenario, it will potentially offer as much as thirty to fifty percent performance increase compared to other VMs in existence.

Azure H series virtual machines are next generation high performance computing VMs. Aimed at high end computational needs, like molecular modeling, computational fluid dynamics and similar. These VMs are built on Intel Haswell processor technology specifically E5-2667 V3 processors with 8 and 16 core VM sizes both featuring DDR4 memory and local SSD based storage.

The H-series line up offers, besides substantial CPU power, diverse options for RDMA and low latency capable networking using FDR InfiniBand along with several memory configurations to support memory intensive computational requirements.

The roll out of H-Series is gradual, and will initially require customers to open a support ticket to access the cluster.

We will be further advising around availability, as we deploy H-series to the remaining regions.

IPv6 for Azure VMs is available globally – all Azure commercial, government and go-local regions except China (IPv6 service not yet offered by Chinese Internet Service Providers). “Dual-stacked” (IPv4+IPv6) VMs provide maximum service deployment flexibility- a single service instance can connect with both IPv4 and IPv6-capable Internet clients. Native IPv6 to the VM supports broadest possible range of service architectures:

Protocols supported: TCP, UDP, HTTP(S)

Outbound connectivity enables VMs communicate with and use other IPv6 resources on the Internet

Storage Service Encryption | GA

Azure Storage is announcing the GA of Storage Service Encryption. This feature is available for Azure Blob Storage (Block and Page Blobs). It is available for any new storage account created through Azure Resource Manager. For accounts enabled with this feature, data will be encrypted using Microsoft managed keys. Data is encrypted using the industry leading Encryption algorithm, 256-bit Advanced Encryption Standard (AES-256). In addition, this is a fully managed encryption process as Microsoft performs key management, rotation and compliance with key standards. Customers with security and compliance requirement can take advantage of this feature.

Accelerated NIC | Public

Accelerated Networking has now entered its public preview and is ready for select VMs sizes to enable via for the best performance Azure has to offer:

Lower Latency/Higher packets per second (pps): Removing the vSwitch from the data path removes the time that packet would spend in the host for policy processing and increases the number of packets that can be processed inside the VM.

Reduced jitter: vSwitch processing would depend on the amount of policy that would need to be applied and the workload of the CPU that is doing the processing. SR-IOV removes that variability by delivering the packets directly to the VM.

Decreased CPU utilization: Bypassing the host means that CPU is used more efficiently freeing cycles for the VM to use.

While Accelerated Networking is available in a preview, more regions and VM sizes will be added in the weeks after its release.

Azure Security Center | New features Public Preview

We have been busy innovating on Azure Security Center since its general availability this year. Using Security Center, customers benefit from ongoing security research resulting in new analytics released today that are designed to detect insider threats, attempts to persist within a compromised system, and use of compromised systems to mount additional attacks, such as DDoS and Brute Force. Security Incidents, currently available in preview, have been enriched to correlate alerts from different sources, including alerts from connected partner solutions. Threat attribute reports are now built in to provide valuable information about attackers, which can be used to remediate threats more quickly. Security Center also released support for integrated vulnerability assessment from partners like Qualys, along with security assessment of Web Apps and Storage accounts. To learn more, please visit Azure Security Center.

Diagnostics for Network Security Groups and Routes | GA

To troubleshoot network connectivity to/from your Virtual Machine (VM), you can now view all the effective security group rules impacting traffic on a given Network Interface (NIC). You can also view the full list of effective routes, including system and BGP routes, impacting the NIC traffic. These capabilities simplify network troubleshooting for complex cloud workloads, by showing actual security policies/routes impacting the network traffic for a given VM/NIC. For more information, please visit (link to Azure Blog)

Multiple IPs Per NIC | Public

Through Multiple IP Addresses on Network Interface Cards (NIC) more than one (up to 250) private and public IP addresses can be allocated to each NIC. All the private IP addresses support platform native features like Network Security Groups (NSGs) and User Defined Routes (UDRs). In addition, through this feature, load balancing across both, primary and secondary NICs, is possible. A VM can host multiple applications or services with unique public IP addresses. Network virtual appliances (NVAs) can decouple the application data traffic and management traffic by placing multiple public IP addresses on separate NICs. This separation allows NVAs to enforce different security policies based on the NICs and also provide bandwidth isolation among different traffic types. Micro-services on VMs, through this feature, are able to use distinct IP addresses and benefit from native functions like NSGs and UDRs, without depending on an overlay network.

Multiple VIPs for internal Load Balancer | GA

Azure Multiple VIP support for Azure internal Load Balancer is now generally available.

UltraPerformance Gateway | GA

“UltraPerformance” is a new ExpressRoute gateway SKU for connecting a virtual network to an ExpressRoute circuit. The new gateway SKU provides a five times increase in network throughput over the “HighPerformance” gateway. Customers can now deploy more network intensive workloads into their virtual networks.

VNET Peering | GA

Virtual network peering for Azure Virtual Network lets customers directly link virtual machines in two virtual networks in the same region through private IP addresses, as if they were part of the same network. Virtual network peering routes packets through the internal Azure backbone network—without any gateway in the path. This allows for a low-latency, high-bandwidth connection between virtual machines in different virtual networks. Virtual network peering also allows transit through the peered virtual networks, so a network virtual appliance or a VPN gateway in one virtual network can be used by a virtual machine in another peered virtual network. Peering works across virtual networks in different subscriptions and between an Azure Resource Manager (V2) and Azure Classic (V1) virtual network. It does not work between two Azure Classic virtual networks.

IT Pro Cloud Essentials and IT Pro Career Center | International launch

Free resources to build your cloud career skills.

Microsoft is helping IT Professionals who want to build and advance their career in cloud technology with the Microsoft IT Pro Cloud Essentials and IT Pro Career Center programs. Now available in 25 languages, these free programs offer cloud services, support, career mapping, industry expert advice and more. Join here.

Azure Service Fabric | GA – Service Fabric for Windows Server

Azure Service Fabric simplifies building and operating microservice-based applications in Azure, at scale and with always-on 24×7 availability. Azure Service Fabric for Windows Server extends this capability to on-premises datacenters and other clouds, enabling application portability and flexibility by providing a runtime that can be installed on Windows Server instances wherever they run. With the general availability of Azure Service Fabric on Windows Server, customers can now run production workloads with the option to purchase premium support from Microsoft for ultimate confidence. Learn more.

Azure Service Fabric | Linux Public Preview

Service Fabric has long supported Windows servers and .NET applications, but many enterprises today run heterogeneous workloads, including Windows and Linux servers, .Net and Java applications, and SQL and NoSQL databases. Now, the preview of Service Fabric for Linux is publicly available. With this announcement, customers can now provision Service Fabric clusters in Azure using Linux as the host operating system and deploy Java applications to Service Fabric clusters. Service Fabric on Linux will initially be available for Ubuntu, with support for RHEL coming soon. Learn more.

SAP HANA on Azure | GA

Unparalleled performance for large enterprise workloads with GA of SAP HANA large instances.

Get the broadest choice and industry leading performance when running your SAP workloads on Azure. Spanning Azure Virtual Machines and purpose-built hardware, called SAP HANA large instances, scale your SAP HANA workloads up to 32 TB on multimode configurations. Azure lets you run the largest SAP HANA workloads, OLTP (up to 3 TB) and OLAP (up to 32 TB) of any global scale cloud provider.

Azure Event Hubs | Event Hubs Archival Public Preview

Announcing the public preview of Azure Event Hubs – Archive feature

Customers can now deliver the streaming data in their Event Hubs into a Blob Storage account by specifying a time or size interval of their choosing. Event Hubs Archive allows you to focus on data processing. It enables loading data into Azure Data Lake, Azure Data Factory, and Azure HDInsight where you can perform batch processing and other analytics.

Azure App Service – Logic Apps | Visual Studio Integration GA

Customers will now be able to deploy their Logic App from Visual Studio in their production environment. This feature enables them to leverage both designer and code views right from visual studio; customers can also manage source control and do not have to use production tools to build out Logic Apps. Logic Apps enterprise integration tools for Visual Studio 2015 also provides a schema editor, flatfile schema generator and XSLT mapper to easily create Integration Account artifacts from Visual Studio. Learn more about visual studio integration in Azure Logic Apps.

Azure CDN | CDN from Akamai Standard: HTTP2 Availability GA

HTTP/2 support for Azure CDN from Akamai Standard.

HTTP/2 improves user experience by improving the loading speed and performance of webpages. This feature is now available and enabled by default for all customers using Azure CDN from Akamai with no additional cost. The HTTP/2 edge server implementation is fully compliant with the HTTP/2 standard RFC 7540 (all HTTP/2 features are supported with the exception of server-push).

Main HTTP/2 features include:

Multiplexing: allowing multiple requests sent on the same TCP connection

Header compression: reducing header size in a request

Stream prioritization: prioritizing resources to transfer important data first

ArcGIS Maps for Power BI | Pubic Preview of ArcGIS Maps for Power BI

Microsoft Power BI is unlocking new capabilities that let our customers take geographic information to a whole new level in collaboration with Esri, a leader in the geographic information systems (GIS) industry.

We are announcing that soon Power BI users will be able to use ArcGIS Maps for Power BI (preview) created by Esri. This preview will bring new and exciting data visualization capabilities to all Power BI users.

Not aligned to Ignite.

DE – Cloud Infrastructure | Germany – Azure

Azure services from local datacenters in Germany now available.

Azure services are now available from local datacenters in Germany to customers and partners with Volume Licensing agreements in EU/EFTA. The Microsoft Cloud Germany offering is designed to specifically address customers with data access concerns through its unique model. Complementing the recent announcement in the UK, Microsoft Cloud Germany is delivered from two new data center regions in Germany which will run isolated instances of Azure, Office 365, and Dynamics CRM Online. Access to customers data is controlled by T-Systems, a subsidiary of Deutsche Telekom, operating under German law. The new, innovative data trustee model is a significant competitive advantage for Microsoft and a game changer for customers who have been unable to adopt public cloud technologies due to strict, local data privacy and compliance requirements.

“PingAccess For Azure AD” | Public

Azure AD and PingAccess: Partnering to bring you Secure Remote Access to even more on-premises Web Apps.

On September 14, 2016, Ping Identity and Microsoft announced a collaboration to provide secure access to a broad spectrum of on-premises web applications through an integration between Azure AD Application Proxy and PingAccess.

Azure Active Directory as a cloud Identity and Access Management as a Service (IDaaS) solution can provide secure single sign-on (SSO) to thousands of cloud SaaS applications. Additionally, through a feature called Application Proxy, Azure AD can provide SSO and secure remote access to on-premises web applications, such as on-premises SharePoint web sites, RDP websites etc. However, connecting the full set of legacy and custom on-premises apps can be challenging especially if these apps are not standards-based.

Ping Identity is an established identity vendor specializing in on-premises identity management. Ping Identity has developed PingAccess that provides SSO and remote access to many different types, even non-standard based, on-premises web applications

This integration between Application Proxy and PingAccess allows enterprises to expand SSO access to even more of their on-premises web applications. The result is seamless and secure single sign-on for all applications for all users on all devices and clouds, without the need for a VPN.

Ping and Microsoft will deliver the preview of “PingAccess for Azure Active Directory” in early 2017. Azure AD Premium customers can use this integration to connect up to 20 apps at no additional cost. For more than 20 applications, full PingAccess licenses may be purchased. During Microsoft Ignite we will also demonstrate the integration in our Azure Active Directory sessions and at our booth.

Microsoft Identity Manager 2016 SP1 | GA

Microsoft Identity Manager (MIM) 2016 Service Pack 1, which addresses customer reported bug fixes, and several new highly-requested features since the initial release of MIM 2016 last year, is now available. These features include; MIM portal cross-browser compatibility, including all major browsers and mobile devices, a streamlined deployment option for Privileged Access Management (PAM), integration with Exchange Online for request and approval notifications, PAM single forest deployment and automatic authentication policy silo configuration, and updated platform support including SharePoint and SQL 2016. Upgrade your deployment to MIM 2016 SP1 today! Read more in our documentation site.

Microsoft Intune | September release

Microsoft Intune support for Android for Work

On September 13, 2016, we announced that Intune is now part of the Android for Work program and in the early stages of rolling out Android for Work features. Intune’s Android for Work support is currently in private preview, general availability is expected in early Q4 CY17.

Here’s a sample of what you can expect to see in our initial release of Android for Work support:

A broader set of management policies for Android devices including the ability to manage a work profile on the device, set policies to enforce complex lock screen PINs and define permission policies for Android apps you manage.

Application install improvements: today, the user experience for deploying apps is different depending on whether the app is an internally developed LOB app, or if it’s in the Play store. Android for Work unifies this experience, making it consistent regardless of what kind of app you are deploying.

Security improvements including mandatory encryption and the ability to disable app installation from unknown sources.

Email client app configuration: using managed configuration, any email app that supports enterprise configuration can be provisioned with Intune. Intune also provides IT Pro UI for configuring the Gmail and Nine Work applications.

App configuration capabilities: developers will be able to expose managed configuration capabilities in their applications, opening up a pipeline for Intune to be able to configure these settings.

Check out Microsoft Intune and Android for Work at Ignite

If you’re planning on attending Microsoft Ignite, be sure to check out our Android content. A full session dedicated to everything you need to know about using Intune to manage Android devices – presented by the Intune engineering team designing the features and experiences. If you can’t make it to Atlanta for Ignite, session recordings will be available after the event.

Yammer App with Intune MAM – now available!

We recently announced an update to Yammer apps that allows you to protect team conversations and corporate data using Intune MAM controls. This update supports the Intune MAM app-level data protection with or without MDM device enrollment. The updated Yammer app is now available in the Google Play and iOS App stores.

Intune App SDK support for Xamarin

With our new support for Xamarin, we’re making it easier for developers to use our Intune App SDK to prevent data loss in their mobile iOS and Android apps. The Xamarin component was designed specifically for use when building cross-platform mobile apps on the Xamarin platform, so developers can easily bake in mobile application management (MAM) controls as part of their standard app development process. Developers building a cross-platform apps can now quickly apply Intune MAM controls to their projects with very little modification to their mobile app. The Xamarin component supports Xamarin Cycle 7 and above.

Power BI Desktop | GA

New and most frequently requested Power BI Desktop features are now available to business analysts. ESRI map support (preview)—ESRI’s ArcGIS maps provide world-class mapping controls right in Power BI. Mobile report layout (preview)—provides the ability to design and layout reports optimized for mobile devices. Forecasting (preview)—first addition to the new Analytics pane (released last month) enabling predictive analytics on your data—using built-in forecasting models to automatically detect seasonality in your data and provide forecasting results.

Download the latest Power BI Desktop to experience the new features immediately. For more information on these new features and others, visit the Power BI blog.

Power BI service | GA

More new and most frequently requested Power BI features are now available to end users and business analysts in the month of September. Download reports from Power BI service: lets you download the reports uploaded from Power BI Desktop as PBIX files and reopen them in Desktop. This completes the workflow: create a report in Desktop > publish to service > modify in service > download to Desktop > modify in Desktop > re-publish to service. Sign in to powerbi.microsoft.com to experience the new features immediately. For more information on these new features and others, visit the Power BI blog.

Today, we released a major update to Azure SQL Database Advisor that greatly reduces the time required to produce and implement index tuning recommendations, making the performance tuning process much faster. Now you can run your production workload in SQL DB for a day, and Database Advisor will come up with relevant tuning recommendations to improve your performance (and apply them for you in case you turned on automated tuning).

On September 14, 2016, Microsoft Cognitive Services continued its global expansion beyond the United States with the availability of the Computer Vision API, Face API and Emotion API in the Azure data center located in China.

Microsoft’s Computer Vision API is able to extract rich information from images to categorize and process visual data and protect your users from unwanted content.

Microsoft’s FACE API can detect human faces and compare similar ones, organize people into groups according to visual similarity, and identify previously tagged people in images.